The best way to help end-users avoid getting phished is to not accept
phishing messages for delivery. DKIM-SSP where strict policy
statements are published offers a mechanism for this.
I get a message from security@ebay-verify.com. It has a valid
signature. I check the SSP for ebay-verify.com, which says "MAJOR
PHISHING TARGET, ACCEPT ONLY WITH SIGNATURE." So I drop it into the
recipient's mailbox with a gold star on it.
What have we just accomplished?
A bad thing. Don't put the gold star on it. That would be a mistake.
I think we all agree it would be a mistake.
How does DKIM-SSP help us not to put the gold star on it? Someone
said that DKIM-SSP offers a mechanism to not accept phishing messages
for delivery.
R's,
John
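
The scenario discussed in this thread, written out as an added example that is not part of any poster's message. It assumes a simplified "strict" policy (every message using the domain in From: carries that domain's own valid signature); `PUBLISHED_POLICY`, `LOCALLY_VETTED` and the sample messages are constructed and hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for DNS policy lookups. "strict" is a simplified model:
# the domain says every message using it in From: carries its own valid signature.
PUBLISHED_POLICY = {"ebay.com": "strict", "ebay-verify.com": "strict"}

# Hypothetical allowlist maintained by the receiver; the policy record does not supply it.
LOCALLY_VETTED = {"ebay.com"}


@dataclass
class Message:
    from_domain: str
    signing_domain: Optional[str]  # domain of a signature that verified, else None


def delivery_action(msg: Message) -> str:
    """Negative use of policy: refuse mail that violates the From: domain's own policy."""
    policy = PUBLISHED_POLICY.get(msg.from_domain, "none")
    if policy == "strict" and msg.signing_domain != msg.from_domain:
        return "reject"
    return "deliver"


def gold_star(msg: Message) -> bool:
    """Positive marking depends on a separate reputation input, never on the policy record."""
    return msg.signing_domain == msg.from_domain and msg.from_domain in LOCALLY_VETTED


# Constructed sample messages.
SAMPLES = {
    "forged, unsigned": Message("ebay.com", None),
    "lookalike, signed": Message("ebay-verify.com", "ebay-verify.com"),
    "genuine, signed": Message("ebay.com", "ebay.com"),
    "signed by other domain": Message("ebay.com", "ebay-verify.com"),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:24} {delivery_action(msg):8} gold_star={gold_star(msg)}")
```

The lookalike message is delivered because it satisfies the policy that ebay-verify.com published for itself; only the receiver's own vetting list keeps it from being marked.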